Count: 314 458
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-34mm-h774-r86f The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-34mm-g3g7-qjrm Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | CVSS3: 9.8 | 7% Low | more than 3 years ago |
| GHSA-34mm-8vxq-7m2j Stored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page. | CVSS3: 6.1 | 85% High | almost 3 years ago |
| GHSA-34mm-8gf5-xj36 Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument. | | 50% Medium | more than 3 years ago |
| GHSA-34mm-3fgq-qjxq It was discovered that systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. | CVSS3: 4.7 | 0% Low | more than 3 years ago |
| GHSA-34mj-v24w-6jvv Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability." | | 51% Medium | more than 3 years ago |
| GHSA-34mj-396j-93pr If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | CVSS3: 8.8 | 0% Low | about 3 years ago |
| GHSA-34mg-j6f6-fj36 Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-34mg-6ppq-mw32 SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API. | | 0% Low | almost 4 years ago |
| GHSA-34m9-wm25-r85j Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters. | CVSS3: 6.5 | 0% Low | about 2 years ago |
| GHSA-34m9-46jh-jxm4 Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. (Vulnerability ID: HWPSIRT-2022-42291) This vulnerability has been assigned a (CVE) ID: CVE-2022-48470 | CVSS3: 4 | 0% Low | about 1 year ago |
| GHSA-34m8-w8w3-m7v4 An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. | CVSS3: 9.8 | 0% Low | more than 3 years ago |
| GHSA-34m8-5x3c-2ccr IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. | CVSS3: 5.3 | 0% Low | almost 2 years ago |
| GHSA-34m8-5pc6-8fvm Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team WebinarIgnition. This issue affects WebinarIgnition: from n/a through 3.05.8. | CVSS3: 5.4 | 0% Low | almost 2 years ago |
| GHSA-34m7-mp8x-ggjm Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to ITEM (Item & BOM). | | 0% Low | more than 3 years ago |
| GHSA-34m7-5gf2-rcmj RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. | CVSS3: 5.5 | 0% Low | more than 3 years ago |
| GHSA-34m5-x2xp-x8mh Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template. | | 1% Low | almost 4 years ago |
| GHSA-34m5-gjm5-2c83 SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter. | | 0% Low | more than 3 years ago |
| GHSA-34m5-cpcv-cf78 Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code. | | 1% Low | almost 4 years ago |
| GHSA-34m5-796p-mjcp Apache UIMA DUCC allows remote code execution | CVSS3: 8.8 | 0% Low | almost 3 years ago |